
RELEASED: Mailman 2.1.9


From: Barry Warsaw
Subject: RELEASED: Mailman 2.1.9
Date: Wed, 13 Sep 2006 10:00:57 -0400


On behalf of the GNU Mailman development team, I'm pleased to announce Mailman 2.1.9. This is primarily a security and bug fix release and it is highly recommended that all sites upgrade to this version. Mailman 2.1.9 also contains support for two new languages: Arabic and Vietnamese.

Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, including download links, please see:

        http://www.list.org
        http://mailman.sf.net
        http://www.gnu.org/software/mailman

A more detailed change list is included below.

Enjoy,
-Barry

2.1.9 (12-Sep-2006)

   Security

     - A malicious user could visit a specially crafted URI and inject an
       apparent log message into Mailman's error log which might induce an
       unsuspecting administrator to visit a phishing site.  This has been
       blocked.  Thanks to Moritz Naumann for its discovery.

     - Fixed denial of service attack which can be caused by some
       standards-breaking RFC 2231 formatted headers.  CVE-2006-2941.

     - Several cross-site scripting issues have been fixed.  Thanks to Moritz
       Naumann for their discovery.  CVE-2006-3636

     - Fixed an unexploitable format string vulnerability.  Discovery and fix
       by Karl Chen.  Analysis of non-exploitability by Martin 'Joey' Schulze.
       Also thanks go to Lionel Elie Mamane.  CVE-2006-2191.

   Internationalization

     - New languages: Arabic, Vietnamese.

   Bug fixes and other patches

     - Fixed Decorate.py so that characters in message header/footer which
       are not in the character set of the list's language are ignored rather
       than causing shunted messages (1507248).

     - Switchboard.py - Closed very tiny holes at the upper ends of queue
       slices that could result in unprocessable queue entries.  Improved FIFO
       processing when two queue entries have the same timestamp.




